Comments on: Basic Troubleshooting for RPC/HTTP Publishing (Exchange 2003) http://blogs.isaserver.org/shinder/2007/06/27/basic-troubleshooting-for-rpchttp-publishing-exchange-2003/ Written by Dr Thomas W Shinder, consultant to Microsoft, HP and many Fortune 500 companies on ISA firewall and Web proxy deployments this blog is where administrators get information about ISA Server Universal Threat Management firewalls. Topics include how to manage, deploy, and troubleshoot ISA Server as a network firewall, Web proxy/Web cache, remote access VPN server and VPN gateway to provide a high level of network security for all corporate computers. Fri, 5 Sep 2008 05:18:46 +0000 http://wordpress.org/?v=MU by: Luís Barreto http://blogs.isaserver.org/shinder/2007/06/27/basic-troubleshooting-for-rpchttp-publishing-exchange-2003/#comment-162255 Thu, 21 Feb 2008 23:22:55 +0000 http://blogs.isaserver.org/shinder/2007/06/27/basic-troubleshooting-for-rpchttp-publishing-exchange-2003/#comment-162255 Hi Dr Tom I'm a big fan of yours, I like your writing very much, basically because you explain how to do the things and also why they should be that way. Now, my problem regarding this (as always) comprehensive troubleshooting guide e one simply question: The last few days I'm trying to configure one of my ISA/Exchange RPC implementations with Single Sign On. I think I've read all the info on this matter on the web, and unfortunately I didn't get the straight answer, although at this time I suspect witch it is... - Giving 1 ISA 2006 (AD member), 1 Exchange 2003 (witch is also RPC proxy), 1 or 2 public IP, 1 or 2 web listeners, digital certificates, outlook 2003 or 2007 clients, it is possible to publish RPC over HTTP, securely (only to a subset of AD users) without requiring them to type their password to ISA Server? As I said, at this time, I think the answer is no. But if I'm wrong please point me some directions. Thank's Luis Barreto Portugal Hi Dr Tom

I’m a big fan of yours, I like your writing very much, basically because you explain how to do the things and also why they should be that way.
Now, my problem regarding this (as always) comprehensive troubleshooting guide e one simply question:

The last few days I’m trying to configure one of my ISA/Exchange RPC implementations with Single Sign On. I think I’ve read all the info on this matter on the web, and unfortunately I didn’t get the straight answer, although at this time I suspect witch it is…

- Giving 1 ISA 2006 (AD member), 1 Exchange 2003 (witch is also RPC proxy), 1 or 2 public IP, 1 or 2 web listeners, digital certificates, outlook 2003 or 2007 clients, it is possible to publish RPC over HTTP, securely (only to a subset of AD users) without requiring them to type their password to ISA Server?

As I said, at this time, I think the answer is no. But if I’m wrong please point me some directions.

Thank’s

Luis Barreto
Portugal

]]> by: Brian P http://blogs.isaserver.org/shinder/2007/06/27/basic-troubleshooting-for-rpchttp-publishing-exchange-2003/#comment-119060 Thu, 13 Sep 2007 18:40:23 +0000 http://blogs.isaserver.org/shinder/2007/06/27/basic-troubleshooting-for-rpchttp-publishing-exchange-2003/#comment-119060 I've gone through ALL configs over and over again including this checklist: all is OK. HTTPS connections work fine internally. As soon as I test from outside...nothing. Eventually, all connections fail and Outlook goes offline. I have set this up using your tutorial for single exchange publishing (identical!) as well as similar referrals to technet, petri, and others. This is Outlook Anywhere only, not OWA (OWA works when I set it up to test but then remove the policy to focus on RPCoHTTPS). The log shows a failed connection attempt for the RPC/HTTP rule with an HTTP status code of 0x80004005. I've searched everywhere and can only find cryptic info about this and even less as it applies to ISA. Please refer this to an appropriate post if needed. Please help...I'm at wits end. Thank you. I’ve gone through ALL configs over and over again including this checklist: all is OK. HTTPS connections work fine internally. As soon as I test from outside…nothing. Eventually, all connections fail and Outlook goes offline. I have set this up using your tutorial for single exchange publishing (identical!) as well as similar referrals to technet, petri, and others. This is Outlook Anywhere only, not OWA (OWA works when I set it up to test but then remove the policy to focus on RPCoHTTPS). The log shows a failed connection attempt for the RPC/HTTP rule with an HTTP status code of 0×80004005. I’ve searched everywhere and can only find cryptic info about this and even less as it applies to ISA. Please refer this to an appropriate post if needed. Please help…I’m at wits end. Thank you.

]]> by: Tom Shinder http://blogs.isaserver.org/shinder/2007/06/27/basic-troubleshooting-for-rpchttp-publishing-exchange-2003/#comment-106773 Wed, 04 Jul 2007 16:34:02 +0000 http://blogs.isaserver.org/shinder/2007/06/27/basic-troubleshooting-for-rpchttp-publishing-exchange-2003/#comment-106773 Because you're not preauthenticating with ISA Firewall, so all anonymous connections from any user on the Internet (read hackers) can get to your Exchange Server and take advantage of the anonymous connections. But not pre-authenticating at the ISA Firewall, you remove much of the security the ISA Firewall provides. HTH, Tom Because you’re not preauthenticating with ISA Firewall, so all anonymous connections from any user on the Internet (read hackers) can get to your Exchange Server and take advantage of the anonymous connections. But not pre-authenticating at the ISA Firewall, you remove much of the security the ISA Firewall provides.

HTH,
Tom

]]> by: Nóri http://blogs.isaserver.org/shinder/2007/06/27/basic-troubleshooting-for-rpchttp-publishing-exchange-2003/#comment-106772 Wed, 04 Jul 2007 15:48:38 +0000 http://blogs.isaserver.org/shinder/2007/06/27/basic-troubleshooting-for-rpchttp-publishing-exchange-2003/#comment-106772 But I've managed to get this working by specifying All Users. Why does it not work with All Authenticated Users? Nóri But I’ve managed to get this working by specifying All Users. Why does it not work with All Authenticated Users?

Nóri

]]> by: Tom Shinder http://blogs.isaserver.org/shinder/2007/06/27/basic-troubleshooting-for-rpchttp-publishing-exchange-2003/#comment-106665 Tue, 03 Jul 2007 19:34:27 +0000 http://blogs.isaserver.org/shinder/2007/06/27/basic-troubleshooting-for-rpchttp-publishing-exchange-2003/#comment-106665 You can't. You must use basic authentication to the Web listener. HTH, Tom You can’t. You must use basic authentication to the Web listener.

HTH,
Tom

]]> by: Nóri http://blogs.isaserver.org/shinder/2007/06/27/basic-troubleshooting-for-rpchttp-publishing-exchange-2003/#comment-106658 Tue, 03 Jul 2007 19:14:53 +0000 http://blogs.isaserver.org/shinder/2007/06/27/basic-troubleshooting-for-rpchttp-publishing-exchange-2003/#comment-106658 But what if I would like to use Integrated Authentication?? But what if I would like to use Integrated Authentication??

]]>